[
https://issues.apache.org/jira/browse/ISIS-840?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14066061#comment-14066061
]
ASF subversion and git services commented on ISIS-840:
------------------------------------------------------
Commit 2772d87671fdea08428f00d6823e264c9c44406e in isis's branch
refs/heads/master from [~danhaywood]
[ https://git-wip-us.apache.org/repos/asf?p=isis.git;h=2772d87 ]
ISIS-840: fix perm group stuff for IsisPermission
Also (commented out) updates to the todoapp example.
> "Permission groups" for IsisPermission (custom security string for Shiro) not
> working as advertised.
> ----------------------------------------------------------------------------------------------------
>
> Key: ISIS-840
> URL: https://issues.apache.org/jira/browse/ISIS-840
> Project: Isis
> Issue Type: Bug
> Components: Core: Security: Shiro
> Affects Versions: core-1.5.0
> Reporter: Dan Haywood
> Assignee: Dan Haywood
> Fix For: core-1.6.0
>
>
> Per docs [1]
> user_role = !reg/org.estatio.api,\
> !reg/org.estatio.webapp.services.admin,\
> reg/* ;
> admin_role = adm/*
> then a user with both user_role and admin_role should have access to
> everything, because the two vetos in the "reg" group do not veto the
> permission provided in the "adm" group.
> ~~~
> Tracking this down showed the issue to be a reliance on equals()
> implementation in IsisPermission.
> [1]
> http://isis.apache.org/components/security/shiro/format-of-permissions.html
--
This message was sent by Atlassian JIRA
(v6.2#6252)
